324 matches found
EUVD-2023-50835
Malicious code in bioql PyPI...
EUVD-2024-40611
Malicious code in bioql PyPI...
CVE-2025-54712 WordPress Easy Elementor Addons Plugin <= 2.2.7 - Broken Access Control Vulnerability
Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7...
CVE-2025-54739
CVE-2025-54739 describes a Missing Authorization (Broken Access Control) vulnerability affecting Nexter Blocks (POSIMYTH) up to version 4.5.4. The issue stems from incorrectly configured access control; CVSS v3.1 base score 5.3 (Medium). Connected sources indicate patching status exists (patched)...
CVE-2025-52721 WordPress Global Gallery Plugin <= 9.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3...
The vulnerability of the device management platform for systems related to heating, ventilation, and air conditioning, lighting, and energy consumption within the Niagara Framework, as well as the Niagara Enterprise Security tools for access control and security, stems from the absence of necessary encryption steps. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the device management platform for systems for heating, ventilation, and air conditioning, lighting, and energy consumption, as well as the Niagara Framework and the access control and security measures, is related to the absence of the necessary encryption step. Exploiting...
CVE-2025-54037
Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.3.4...
CVE-2025-49319
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist for WooCommerce: from n/a through = 3.2.3...
CVE-2025-49319 WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through 3.2.3...
CVE-2025-54011
Missing Authorization vulnerability in SMTP2GO SMTP2GO smtp2go allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SMTP2GO: from n/a through = 1.12.1...
PT-2025-29802 · WordPress · Profiler
Name of the Vulnerable Software and Affected Versions: Profiler - What Slowing Down Your WP versions n/a through 1.0.0 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Versions prior to 1.0.0 are affecte...
CVE-2025-7030
CVE-2025-7030 affects Drupal Two-factor Authentication (TFA) module prior to 1.11.0. The root cause is a Privilege Defined With Unsafe Actions vulnerability that hinges on incorrectly configured access controls, allowing bypass of certain privilege checks. Affected versions range from 0.0.0 up to...
CVE-2025-3648
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...
CVE-2025-21001
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast...
CVE-2025-53200 WordPress ChatBot plugin <= 6.7.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through = 6.7.3...
PT-2025-27136 · Unknown · Dejan Jasnic Trusty Whistleblowing
Name of the Vulnerable Software and Affected Versions: Dejan Jasnic Trusty Whistleblowing versions 1.5.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For...
CVE-2025-49971
Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eDS Responsive Menu: from n/a through = 1.2...
CVE-2025-49978 WordPress JobSearch plugin <= 2.9.0 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 2.9.0...
CVE-2025-49979
CVE-2025-49979 concerns the WordPress Media Hygiene plugin (versions
CVE-2025-49979 WordPress Media Hygiene plugin <= 4.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in slui Media Hygiene media-hygiene allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Hygiene: from n/a through = 4.0.1...